
Penetration Tester

Job Description
Join us in building the future of finance.
Our mission is to democratize finance for all. An estimated $124 trillion of assets will be inherited by younger generations in the next two decades. The largest transfer of wealth in human history. If you're ready to be at the epicenter of this historic cultural and financial shift, keep reading.
About the team + role
We are building an elite team, applying frontier technologies to the world's biggest financial problems. We're looking for bold thinkers. Sharp problem-solvers. Builders who are wired to make an impact. Robinhood isn't a place for complacency, it's where ambitious people do the best work of their careers. We're a high-performing, fast-moving team with ethics at the center of everything we do. Expectations are high, and so are the rewards.
The Penetration Testing team at Robinhood is a core part of our Offensive Security program and a key pillar within Security & Privacy Engineering. We work across the company to identify, understand, and reduce security risk through threat modeling, penetration testing, code reviews, and vulnerability research. Our team goes beyond simply finding issues: we take pride in fixing what we find, contributing to long-term improvements, and proactively helping teams build safer systems from the start.
As a Penetration Tester, you'll be a hands-on contributor to our internal application security testing program. You'll perform manual assessments, research emerging threats, scale the team with automation, and work directly with engineers to design and implement fixes. This is a highly collaborative role that combines technical depth, creativity, and clear communication to protect our customers and our platform.
This role is based in our Menlo Park, CA or Bellevue, WA office(s), with in-person attendance expected at least 3 days per week.
At Robinhood, we believe in the power of in-person work to accelerate progress, spark innovation, and strengthen community. Our office experience is intentional, energizing, and designed to fully support high-performing teams.
What you'll do
- Perform application security assessments, including code reviews (primarily Go and Python), design reviews, and manual penetration testing of web applications, services, and infrastructure.
- Conduct threat modeling for high-impact systems and articulate security risk in terms of business logic, fraud potential, and customer impact.
- Collaborate on the triage of bug bounty submissions.
- Validate critical vulnerabilities surfaced by automated tools and improve detection coverage through scripting and configuration.
- Work cross-functionally with engineers to mitigate issues, often contributing detection strategies, and occasionally direct code fixes (via pull requests).
- Research emerging threats, new technologies, and attack techniques to inform internal security guidance and testing approaches.
- Publish technical blog posts, speak at industry conferences, or share insights with the wider security community.
- Advocate for security and privacy across engineering and product development teams.
What you bring
- 3-5+ years of experience in penetration testing, application security, or security engineering.
- Proficiency in reading and reviewing Go and Python source code.
- Strong grasp of web application security principles, authentication and authorization models, and common vulnerability patterns.
- Experience with vulnerability research, business logic flaws, and application-layer abuse patterns.
- Familiarity with Linux systems, intrusion detection, and common log formats.
- Hands-on experience testing cloud environments (AWS, GCP, or similar) and container orchestration platforms (Docker, Kubernetes).
- Knowledge of network protocols (TCP/IP, DNS) and secure architecture best practices.
- Ability to work independently, structure and execute testing plans, and clearly communicate risk to technical and non-technical stakeholders.
- Comfort collaborating and documenting work asynchronously using tools like Slack, GitHub, and JIRA.
Bonus points
- Experience in the financial technology (fintech) industry or highly regulated environments.
- Passion for improving security through fixing, not just finding, vulnerabilities.
- Demonstrated history of challenging security assumptions and creatively solving complex problems.
What we offer
- Challenging, high-impact work to grow your career
- Performance driven compensation with multipliers for outsized impact, bonus programs, equity ownership, and 401(k) matching
- Best in class benefits to fuel your work, including 100% paid health insurance for employees with 90% coverage for dependents
- Lifestyle wallet - a highly flexible benefits spending account for wellness, learning, and more
- Employer-paid life & disability insurance, fertility benefits, and mental health benefits
- Time off to recharge including company holidays, paid time off, sick time, parental leave, and more!
- Exceptional office experience with catered meals, events, and comfortable workspaces.
In addition to the base pay range listed below, this role is also eligible for bonus opportunities + equity + benefits.
Base pay for the successful applicant will depend on a variety of job-related factors, which may include education, training, experience, location, business needs, or market demands. The expected base pay range for this role is based on the location where the work will be performed and is aligned to one of 3 compensation zones. For other locations not listed, compensation can be discussed with your recruiter during the interview process.
Base Pay Range:
Zone 1 (Menlo Park, CA; New York, NY; Bellevue, WA; Washington, DC)
$157,000-$185,000 USD
Zone 2 (Denver, CO; Westlake, TX; Chicago, IL)
$139,000-$163,000 USD
Zone 3 (Lake Mary, FL; Clearwater, FL; Gainesville, FL)
$122,000-$144,000 USD
Click here to learn more about our Total Rewards, which vary by region and entity.
If our mission energizes you and you're ready to build the future of finance, we look forward to seeing your application.
Robinhood provides equal opportunity for all applicants, offers reasonable accommodations upon request, and complies with applicable equal employment and privacy laws. Inclusion is built into how we hire and work, welcoming different backgrounds, perspectives, and experiences so everyone can do their best. Please review the Privacy Policy for your country of application.
